Package: passenger Version: 6.0.13+ds-1+b2 Severity: normal Tags: upstream Dear Maintainer,
When starting, the Apache logs show an available update with two security issues fixed: [ E 2023-01-26 16:19:00.9642 2682647/T6 age/Cor/SecurityUpdateChecker.h:521 ]: A security update is available for your version (6.0.13) of Phusion Passenger(R). We strongly recommend upgrading to version 6.0.17. [ E 2023-01-26 16:19:00.9644 2682647/T6 age/Cor/SecurityUpdateChecker.h:526 ]: Additional security update check information: - [Fixed in 6.0.14] [CVE-2018-25032] zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. - [Fixed in 6.0.14] A use after free memory safety issue was introduced in 6.0.12, and fixed in 6.0.14. It would be nice if it was still possible to update the version of Passenger to at least 6.0.14 -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (500, 'testing') merged-usr: no Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-22-amd64 (SMP w/2 CPU threads) Locale: LANG=C.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages passenger depends on: ii libc6 2.36-8 ii libcurl4 7.87.0-2 ii libev4 1:4.33-1 ii libgcc-s1 12.2.0-14 ii libruby 1:3.1 ii libruby3.1 3.1.2-4 ii libssl3 3.0.7-2 ii libstdc++6 12.2.0-14 ii libuv1 1.44.2-1 ii ruby 1:3.1 ii ruby-rack 2.2.4-2 passenger recommends no packages. Versions of packages passenger suggests: ii nodejs 18.13.0+dfsg1-1 ii python3 3.10.6-3+b1 pn rails <none> -- no debconf information